適用於計算的 Azure 內建角色
本文列出計算類別中的 Azure 內建角色。
傳統虛擬機參與者
可讓您管理傳統虛擬機,但無法存取它們,以及其所連線的虛擬網路或記憶體帳戶。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.ClassicCompute/domainNames/* | 建立和管理傳統計算功能變數名稱 |
| Microsoft.ClassicCompute/virtualMachines/* | 建立和管理虛擬機器 |
| Microsoft.ClassicNetwork/networkSecurityGroups/join/action | |
| Microsoft.ClassicNetwork/reservedIps/link/action | 連結保留的Ip |
| Microsoft.ClassicNetwork/reservedIps/read | 取得保留的 Ips |
| Microsoft.ClassicNetwork/virtualNetworks/join/action | 加入虛擬網路。 |
| Microsoft.ClassicNetwork/virtualNetworks/read | 取得虛擬網路。 |
| Microsoft.Classic 儲存體/storageAccounts/disks/read | 傳回記憶體帳戶磁碟。 |
| Microsoft.Classic 儲存體/storageAccounts/images/read | 傳回記憶體帳戶映像。 (已被取代。使用 'Microsoft.Classic 儲存體/storageAccounts/vmImages') |
| Microsoft.Classic 儲存體/storageAccounts/listKeys/action | 列出記憶體帳戶的存取金鑰。 |
| Microsoft.Classic 儲存體/storageAccounts/read | 傳回具有指定帳戶的記憶體帳戶。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控磁碟 的數據運算符
提供許可權,以使用SAS URI和 Azure AD 驗證將數據上傳至空的受控磁碟、讀取或匯出受控磁碟(未連結至執行中的 VM)和快照集。
| 動作 | 描述 |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Compute/disks/download/action | 在磁碟 SAS URI 上執行讀取資料作業 |
| Microsoft.Compute/disks/upload/action | 在磁碟 SAS URI 上執行寫入資料作業 |
| Microsoft.Compute/snapshots/download/action | 在快照集 SAS URI 上執行讀取數據作業 |
| Microsoft.Compute/snapshots/upload/action | 在快照集 SAS URI 上執行寫入數據作業 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e",
"name": "959f8984-c045-4866-89c7-12bf9737be2e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Compute/disks/download/action",
"Microsoft.Compute/disks/upload/action",
"Microsoft.Compute/snapshots/download/action",
"Microsoft.Compute/snapshots/upload/action"
],
"notDataActions": []
}
],
"roleName": "Data Operator for Managed Disks",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化應用程式群組參與者
桌面虛擬化應用程式群組的參與者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/applicationgroups/* | |
| Microsoft.DesktopVirtualization/hostpools/read | 讀取主機集區 |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | 讀取 hostpools/sessionhosts |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Application Group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8",
"name": "86240b0e-9422-4c43-887b-b61143f32ba8",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/applicationgroups/*",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Application Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化應用程式群組讀取器
桌面虛擬化應用程式群組的讀取者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/applicationgroups/*/read | |
| Microsoft.DesktopVirtualization/applicationgroups/read | 讀取應用程式群組 |
| Microsoft.DesktopVirtualization/hostpools/read | 讀取主機集區 |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | 讀取 hostpools/sessionhosts |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Application Group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
"name": "aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/applicationgroups/*/read",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Application Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化參與者
桌面虛擬化的參與者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Contributor of Desktop Virtualization.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387",
"name": "082f0a83-3be5-4ba1-904c-961cca79b387",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化主機集區參與者
桌面虛擬化主機集區的參與者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Host Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc",
"name": "e307426c-f9b6-4e81-87de-d99efb3c32bc",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Host Pool Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化主機集區讀取器
桌面虛擬化主機集區的讀取器。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/*/read | |
| Microsoft.DesktopVirtualization/hostpools/read | 讀取主機集區 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Host Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822",
"name": "ceadfde2-b300-400a-ab7b-6143895aa822",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/*/read",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Host Pool Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化讀者
桌面虛擬化的讀者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/*/read | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Reader of Desktop Virtualization.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868",
"name": "49a72310-ab8d-41df-bbb0-79b649203868",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化工作階段主機操作者
桌面虛擬化會話主機的操作員。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/read | 讀取主機集區 |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Operator of the Desktop Virtualization Session Host.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408",
"name": "2ad6aaab-ead9-4eaa-8ac5-da422f562408",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Session Host Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化使用者
允許使用者在應用程式群組中使用應用程式。
| 動作 | 描述 |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.DesktopVirtualization/applicationGroups/useApplications/action | 使用 ApplicationGroup |
| Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action | 允許應用程式群組中應用程式附加套件的用戶許可權 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows user to use the applications in an application group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"name": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.DesktopVirtualization/applicationGroups/useApplications/action",
"Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action"
],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化使用者工作階段操作者
桌面虛擬化用戶會話的操作員。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/read | 讀取主機集區 |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | 讀取 hostpools/sessionhosts |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Operator of the Desktop Virtualization Uesr Session.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
"name": "ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization User Session Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化工作區參與者
桌面虛擬化工作區的參與者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/workspaces/* | |
| Microsoft.DesktopVirtualization/applicationgroups/read | 讀取應用程式群組 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Workspace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b",
"name": "21efdde3-836f-432b-bf3d-3e8e734d4b2b",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/workspaces/*",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虛擬化工作區讀取器
桌面虛擬化工作區的讀取者。
| 動作 | 描述 |
|---|---|
| Microsoft.DesktopVirtualization/workspaces/read | 讀取工作區 |
| Microsoft.DesktopVirtualization/applicationgroups/read | 讀取應用程式群組 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Workspace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
"name": "0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/workspaces/read",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁碟備份讀取器
提供備份保存庫執行磁碟備份的許可權。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| Microsoft.Compute/disks/beginGetAccess/action | 取得磁碟的SAS URI 以進行 Blob 存取 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk backup.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"name": "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/beginGetAccess/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁碟集區操作員
提供 儲存體 Pool 資源提供者的許可權,以管理新增至磁碟集區的磁碟。
| 動作 | 描述 |
|---|---|
| Microsoft.Compute/disks/write | 建立新的磁碟或更新現有的磁碟 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840",
"name": "60fc6e62-5479-42d4-8bf4-67625fcc2840",
"permissions": [
{
"actions": [
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Pool Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁碟還原運算符
提供備份保存庫執行磁碟還原的許可權。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Compute/disks/write | 建立新的磁碟或更新現有的磁碟 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk restore.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13",
"name": "b50d9833-a0cb-478e-945f-707fcc997c13",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Restore Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁碟快照參與者
提供備份保存庫管理磁碟快照集的許可權。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Compute/snapshots/delete | 刪除快照集 |
| Microsoft.Compute/snapshots/write | 建立新的快照集或更新現有的快照集 |
| Microsoft.Compute/snapshots/read | 取得快照集的屬性 |
| Microsoft.Compute/snapshots/beginGetAccess/action | 取得 Blob 存取之快照集的 SAS URI |
| Microsoft.Compute/snapshots/endGetAccess/action | 撤銷快照集的SAS URI |
| Microsoft.Compute/disks/beginGetAccess/action | 取得磁碟的SAS URI 以進行 Blob 存取 |
| 微軟。儲存體/storageAccounts/listkeys/action | 傳回指定記憶體帳戶的存取金鑰。 |
| 微軟。儲存體/storageAccounts/write | 使用指定的參數建立記憶體帳戶,或更新屬性或標記,或為指定的記憶體帳戶新增自定義網域。 |
| 微軟。儲存體/storageAccounts/read | 傳回記憶體帳戶的清單,或取得指定之記憶體帳戶的屬性。 |
| 微軟。儲存體/storageAccounts/delete | 刪除現有的記憶體帳戶。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to manage disk snapshots.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce",
"name": "7efff54f-a5b4-42b5-a1c5-5411624893ce",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/snapshots/read",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Snapshot Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器系統管理員登入
在入口網站中檢視 虛擬機器,並以系統管理員身分登入
| 動作 | 描述 |
|---|---|
| Microsoft.Network/publicIPAddresses/read | 取得公用IP位址定義。 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Compute/virtualMachines/*/read | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Hybrid 連線 ivity/endpoints/listCredentials/action | 取得資源的端點存取認證。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Compute/virtualMachines/login/action | 以一般使用者身分登入虛擬機 |
| Microsoft.Compute/virtualMachines/loginAs 管理員/action | 使用 Windows 系統管理員或 Linux 根使用者許可權登入虛擬機 |
| Microsoft.HybridCompute/machines/login/action | 以一般使用者身分登入 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/loginAs 管理員/action | 使用 Windows 系統管理員或 Linux 根使用者許可權登入 Azure Arc 計算機 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action",
"Microsoft.HybridCompute/machines/login/action",
"Microsoft.HybridCompute/machines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器參與者
建立和管理虛擬機、管理磁碟、安裝和執行軟體、使用 VM 擴充功能重設虛擬機根用戶的密碼,以及使用 VM 擴充功能管理本機用戶帳戶。 此角色不會授與您虛擬機所連線之虛擬網路或記憶體帳戶的管理存取權。 此角色不允許您在 Azure RBAC 中指派角色。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Compute/availabilitySets/* | 建立和管理計算可用性設定組 |
| Microsoft.Compute/locations/* | 建立和管理計算位置 |
| Microsoft.Compute/virtualMachines/* | 執行所有虛擬機動作,包括建立、更新、刪除、啟動、重新啟動和關閉虛擬機。 在虛擬機上執行腳本。 |
| Microsoft.Compute/virtualMachineScaleSets/* | 建立和管理虛擬機器擴展集 |
| Microsoft.Compute/cloudServices/* | |
| Microsoft.Compute/disks/write | 建立新的磁碟或更新現有的磁碟 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| Microsoft.Compute/disks/delete | 刪除磁碟 |
| Microsoft.DevTestLab/schedules/* | |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Network/applicationGateways/backendAddressPools/join/action | 加入應用程式閘道後端位址池。 不可警示。 |
| Microsoft.Network/loadBalancers/backendAddressPools/join/action | 加入負載平衡器後端位址池。 不可警示。 |
| Microsoft.Network/loadBalancers/inboundNatPools/join/action | 聯結負載平衡器輸入 NAT 集區。 不可警示。 |
| Microsoft.Network/loadBalancers/inboundNatRules/join/action | 聯結負載平衡器輸入 nat 規則。 不可警示。 |
| Microsoft.Network/loadBalancers/probes/join/action | 允許使用負載平衡器的探查。 例如,使用 VM 擴展集的這個許可權 healthProbe 屬性可以參考探查。 不可警示。 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/locations/* | 建立和管理網路位置 |
| Microsoft.Network/networkInterfaces/* | 建立和管理網路介面 |
| Microsoft.Network/networkSecurityGroups/join/action | 加入網路安全組。 不可警示。 |
| Microsoft.Network/networkSecurityGroups/read | 取得網路安全組定義 |
| Microsoft.Network/publicIPAddresses/join/action | 加入公用IP位址。 不可警示。 |
| Microsoft.Network/publicIPAddresses/read | 取得公用IP位址定義。 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。 不可警示。 |
| Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | 建立備份保護意圖 |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 傳回受保護項目的物件詳細數據 |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | 建立備份受保護的專案 |
| Microsoft.RecoveryServices/Vaults/backupPolicies/read | 傳回所有保護原則 |
| Microsoft.RecoveryServices/Vaults/backupPolicies/write | 建立保護原則 |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/write | 建立保存庫作業會建立類型為 『vault』 的 Azure 資源 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.SerialConsole/serialPorts/connect/action | 連線 至序列埠 |
| Microsoft.SqlVirtualMachine/* | |
| 微軟。儲存體/storageAccounts/listKeys/action | 傳回指定記憶體帳戶的存取金鑰。 |
| 微軟。儲存體/storageAccounts/read | 傳回記憶體帳戶的清單,或取得指定之記憶體帳戶的屬性。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/cloudServices/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SerialConsole/serialPorts/connect/action",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器資料存取 管理員 istrator (預覽)
新增或移除虛擬機 管理員 istrator 登入和虛擬機使用者登入角色的角色指派,以管理 虛擬機器的存取權。 包含用來限制角色指派的 ABAC 條件。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/roleAssignments/write | 在指定的範圍建立角色指派。 |
| Microsoft.Authorization/roleAssignments/delete | 刪除指定範圍的角色指派。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Network/publicIPAddresses/read | 取得公用IP位址定義。 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Compute/virtualMachines/*/read | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none | |
| Condition | |
| ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'}))OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) AND (!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) | 新增或移除下列角色的角色指派: 虛擬機器系統管理員登入 虛擬機器使用者登入 |
{
"assignableScopes": [
"/"
],
"description": "Manage access to Virtual Machines by adding or removing role assignments for the Virtual Machine Administrator Login and Virtual Machine User Login roles. Includes an ABAC condition to constrain role assignments.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66f75aeb-eabe-4b70-9f1e-c350c4c9ad04",
"name": "66f75aeb-eabe-4b70-9f1e-c350c4c9ad04",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52}))"
}
],
"roleName": "Virtual Machine Data Access Administrator (preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機本機使用者登入
在入口網站中檢視 虛擬機器,並以Arc伺服器上設定的本機使用者身分登入
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Hybrid 連線 ivity/endpoints/listCredentials/action | 取得資源的端點存取認證。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a local user configured on the arc server",
"id": "/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525",
"name": "602da2ba-a5c2-41da-b01d-5360126ab525",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Local User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器使用者登入
在入口網站中檢視 虛擬機器,並以一般使用者身分登入。
| 動作 | 描述 |
|---|---|
| Microsoft.Network/publicIPAddresses/read | 取得公用IP位址定義。 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Compute/virtualMachines/*/read | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Hybrid 連線 ivity/endpoints/listCredentials/action | 取得資源的端點存取認證。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Compute/virtualMachines/login/action | 以一般使用者身分登入虛擬機 |
| Microsoft.HybridCompute/machines/login/action | 以一般使用者身分登入 Azure Arc 機器 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.HybridCompute/machines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Windows Admin Center 系統管理員登入
讓我們以系統管理員身分透過 Windows 管理員 中心管理資源的作業系統。
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.HybridCompute/machines/extensions/* | |
| Microsoft.HybridCompute/machines/upgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/operations/read | 讀取適用於伺服器的 Azure Arc 的所有作業 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/publicIPAddresses/read | 取得公用IP位址定義。 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/networkSecurityGroups/read | 取得網路安全組定義 |
| Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | 取得預設安全性規則定義 |
| Microsoft.Network/networkWatchers/securityGroupView/action | 檢視 VM 上套用的已設定且有效的網路安全組規則。 |
| Microsoft.Network/networkSecurityGroups/securityRules/read | 取得安全性規則定義 |
| Microsoft.Network/networkSecurityGroups/securityRules/write | 建立安全性規則或更新現有的安全性規則 |
| Microsoft.Hybrid 連線 ivity/endpoints/write | 將端點更新為目標資源。 |
| Microsoft.Hybrid 連線 ivity/endpoints/read | 取得資源的端點。 |
| Microsoft.Hybrid 連線 ivity/endpoints/serviceConfigurations/write | 更新目標資源服務組態中的服務詳細數據。 |
| Microsoft.Hybrid 連線 ivity/endpoints/serviceConfigurations/read | 取得資源服務的詳細數據。 |
| Microsoft.Hybrid 連線 ivity/endpoints/listManagedProxyDetails/action | 擷取受控 Proxy 詳細數據 |
| Microsoft.Compute/virtualMachines/read | 取得虛擬機器的屬性 |
| Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read | 擷取最新修補程式評估作業的摘要 |
| Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read | 擷取上次修補程式評估作業期間評估的修補程序清單 |
| Microsoft.Compute/virtualMachines/patchInstallationResults/read | 擷取最新修補程式安裝作業的摘要 |
| Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read | 擷取上次修補程式安裝作業期間嘗試安裝的修補程序清單 |
| Microsoft.Compute/virtualMachines/extensions/read | 取得虛擬機擴充功能的屬性 |
| Microsoft.Compute/virtualMachines/instanceView/read | 取得虛擬機及其資源的詳細運行時間狀態 |
| Microsoft.Compute/virtualMachines/runCommands/read | 取得虛擬機執行命令的屬性 |
| Microsoft.Compute/virtualMachines/vmSizes/read | 列出虛擬機可更新為的可用大小 |
| Microsoft.Compute/locations/publishers/artifacttypes/types/read | 取得 VMExtension 類型的屬性 |
| Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read | 取得 VMExtension 版本的屬性 |
| Microsoft.Compute/diskAccesses/read | 取得 DiskAccess 資源的屬性 |
| Microsoft.Compute/galleries/images/read | 取得資源庫映像的屬性 |
| Microsoft.Compute/images/read | 取得 Image 的屬性 |
| Microsoft.AzureStackHCI/Clusters/Read | 取得叢集 |
| Microsoft.AzureStackHCI/Clusters/Arc 設定/Read | 取得 HCI 叢集的弧線資源 |
| Microsoft.AzureStackHCI/Clusters/Arc 設定/Extensions/Read | 取得 HCI 叢集的擴充資源 |
| Microsoft.AzureStackHCI/Clusters/Arc 設定/Extensions/Write | 建立或更新 HCI 叢集的擴充資源 |
| Microsoft.AzureStackHCI/Clusters/Arc 設定/Extensions/Delete | 刪除 HCI 叢集的擴充功能資源 |
| Microsoft.AzureStackHCI/Operations/Read | 取得作業 |
| 微軟。連線 edVMwarevSphere/VirtualMachines/Read | 讀取 virtualmachines |
| 微軟。連線 edVMwarevSphere/VirtualMachines/Extensions/Write | 寫入擴充功能資源 |
| 微軟。連線 edVMwarevSphere/VirtualMachines/Extensions/Read | 取得延伸模組資源 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.HybridCompute/machines/WACLoginAs 管理員/action | 可讓您以系統管理員身分透過 Windows 管理員 中心管理資源的作業系統。 |
| Microsoft.Compute/virtualMachines/WACloginAs 管理員/action | 可讓您以系統管理員身分透過 Windows 管理員 中心管理資源的作業系統 |
| Microsoft.AzureStackHCI/Clusters/WACloginAs 管理員/Action | 以系統管理員身分透過 Windows 管理員 中心管理 HCI 資源的作業系統 |
| 微軟。連線 edVMwarevSphere/virtualmachines/WACloginAs 管理員/action | 可讓您以系統管理員身分透過 Windows 管理員 中心管理資源的 OS。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Let's you manage the OS of your resource via Windows Admin Center as an administrator.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f",
"name": "a6333a3e-0164-44c3-b281-7a577aff287f",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/upgradeExtensions/action",
"Microsoft.HybridCompute/operations/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkWatchers/securityGroupView/action",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/virtualMachines/runCommands/read",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read",
"Microsoft.Compute/diskAccesses/read",
"Microsoft.Compute/galleries/images/read",
"Microsoft.Compute/images/read",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete",
"Microsoft.AzureStackHCI/Operations/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read"
],
"notActions": [],
"dataActions": [
"Microsoft.HybridCompute/machines/WACLoginAsAdmin/action",
"Microsoft.Compute/virtualMachines/WACloginAsAdmin/action",
"Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action",
"Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Windows Admin Center Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}